Changeset View
Changeset View
Standalone View
Standalone View
src/docs/user/userguide/diffusion_hosting.diviner
| Show First 20 Lines • Show All 71 Lines • ▼ Show 20 Lines | - Create a `vcs-user` if one does not already exist. Common names for this | ||||
| user are `git` or `hg`. When users clone repositories, they will use a URI | user are `git` or `hg`. When users clone repositories, they will use a URI | ||||
| like `vcs-user@phabricator.yourcompany.com`. | like `vcs-user@phabricator.yourcompany.com`. | ||||
| Now, allow the `vcs-user` and `www-user` to `sudo` as the `daemon-user`. Add | Now, allow the `vcs-user` and `www-user` to `sudo` as the `daemon-user`. Add | ||||
| this to `/etc/sudoers`, using `visudo` or `sudoedit`. | this to `/etc/sudoers`, using `visudo` or `sudoedit`. | ||||
| If you plan to use SSH: | If you plan to use SSH: | ||||
| Defaults:vcs-user !requiretty | |||||
| vcs-user ALL=(daemon-user) SETENV: NOPASSWD: /path/to/bin/git-upload-pack, /path/to/bin/git-receive-pack, /path/to/bin/hg, /path/to/bin/svnserve | vcs-user ALL=(daemon-user) SETENV: NOPASSWD: /path/to/bin/git-upload-pack, /path/to/bin/git-receive-pack, /path/to/bin/hg, /path/to/bin/svnserve | ||||
| If you plan to use HTTP: | If you plan to use HTTP: | ||||
| Defaults:www-user !requiretty | |||||
| www-user ALL=(daemon-user) SETENV: NOPASSWD: /usr/bin/git-http-backend, /usr/bin/hg | www-user ALL=(daemon-user) SETENV: NOPASSWD: /usr/bin/git-http-backend, /usr/bin/hg | ||||
| Replace `vcs-user`, `www-user` and `daemon-user` with the right usernames for | Replace `vcs-user`, `www-user` and `daemon-user` with the right usernames for | ||||
| your configuration. Make sure all the paths point to the real locations of the | your configuration. Make sure all the paths point to the real locations of the | ||||
| binaries on your system. You can omit any binaries associated with VCSes you do | binaries on your system. You can omit any binaries associated with VCSes you do | ||||
| not use. | not use. | ||||
| Adding these commands to `sudoers` will allow the daemon and webserver users to | Adding these commands to `sudoers` will allow the daemon and webserver users to | ||||
| write to repositories as the daemon user. | write to repositories as the daemon user. | ||||
| Before saving and closing `/etc/sudoers`, look for this line: | |||||
| Defaults requiretty | |||||
| If it's present, comment it out by putting a `#` at the beginning of the line. | |||||
| With this option enabled, VCS SSH sessions won't be able to use `sudo`. | |||||
| If you're planning to use SSH, you should also edit `/etc/passwd` and | If you're planning to use SSH, you should also edit `/etc/passwd` and | ||||
| `/etc/shadow` to make sure the `vcs-user` account is set up correctly. | `/etc/shadow` to make sure the `vcs-user` account is set up correctly. | ||||
| - Open `/etc/shadow` and find the line for the `vcs-user` account. | - Open `/etc/shadow` and find the line for the `vcs-user` account. | ||||
| - The second field (which is the password field) must not be set to | - The second field (which is the password field) must not be set to | ||||
| `!!`. This value will prevent login. If it is set to `!!`, edit it | `!!`. This value will prevent login. If it is set to `!!`, edit it | ||||
| and set it to `NP` ("no password") instead. | and set it to `NP` ("no password") instead. | ||||
| - Open `/etc/passwd` and find the line for the `vcs-user` account. | - Open `/etc/passwd` and find the line for the `vcs-user` account. | ||||
| ▲ Show 20 Lines • Show All 265 Lines • Show Last 20 Lines | |||||